Compliance: NIST 800-171

The National Institute of Standards and Technology (NIST) Special Publication 800-171 is an important set of guidelines that aims to ensure the safety and confidentiality of sensitive federal data. Any organization that stores, processes, or transmits CUI for the Department of Defense, NASA, and any federal or state agency must be in compliance with NIST 800-171.

Here is a detailed look at how RMM Central helps to achieve NIST 800-171 compliance:

S.No Requirement Description How RMM Central fulfills it?
3.1

Access Control

 
3.1.1

Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems).

Create local users and add them to a suitable group to provide them with proper scope for systems using RMM Central’s user management configuration.

3.1.2

Limit system access to the types of transactions and functions that authorized users are permitted to execute.

Create local users and add them to a suitable group to provide them with proper scope for systems using RMM Central’s user management configuration.

3.1.5

Employ the principle of least privilege, including for specific security functions and privileged accounts.

Using the Privileged Access Management solution, privileged user activity can be supervised with session shadowing capabilities and dual control on privileged access can be achieved. Local user accounts can be managed using user management configurations under RMM Central.

3.1.7

Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.

Create local users and add them to a suitable group to provide them with proper scope for systems using RMM Central’s user management configuration.

RMM Central has access to all systems’ Event Viewer to monitor the activities performed in each system. You can provide various category-based filters to monitor the required activities.

3.1.8

Limit unsuccessful logon attempts.

Deploy scripts that limit the number of logon attempts to all endpoints from a centralized console with RMM Central’s custom script configuration.

3.1.9

Provide privacy and security notices consistent with applicable CUI rules.

RMM Central's Legal Notice configuration enables you to display important announcements and legal notices throughout the enterprise. The configured message will be displayed whenever the user presses Ctrl+Alt+Del to log in.

3.1.10

Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.

Force the screen to sleep or hibernate after a specified duration of inactivity with RMM Central’s power management configuration. You can also configure whether the password should be required after sleep or not.

3.1.12

Monitor and control remote access sessions.

Block outbound remote control ports for specified users or computers using RMM Central’s firewall configuration to prevent unprivileged remote sessions.

3.1.13

Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.

The Remote Control feature of RMM Central is supported over HTTPS to protect the confidentiality of remote access sessions.

3.1.15

Authorize remote execution of privileged commands and remote access to security-relevant information.

Deploy privileged commands to multiple computers and control systems' displays remotely from RMM Central’s centralized console.

3.1.18

Control connection of mobile devices.

Prevent unauthorized mobile devices from connecting to your organization’s network with RMM Central’s SCEP certificate distribution feature.

Deploy profiles to all mobile devices based on their platform to restrict mobile device usage including anonymous activities on them.

3.1.19

Encrypt CUI on mobile devices and mobile computing platforms.

Containerize CUI on mobile devices using RMM Central’s mobile device management capabilities. If any malicious activity, like data theft, is discovered, the device can be wiped remotely. RMM Central also provides the option to secure devices with passwords that adhere to predefined complexity requirements.

3.1.20

Verify and control/limit connections to and use of external systems.

RMM Central provides features to restrict the usage of USB devices. By assigning strict device policies, you can instantly identify the devices connected to your endpoints.

3.1.21

Limit use of portable storage devices on external systems.

RMM Central provides features to restrict the usage of USB devices and other portable storage devices to prevent theft of the CUI stored in systems.

3.1.22

Control CUI posted or processed on publicly accessible systems.

RMM Central helps to authorize only approved software to run in your publicly accessible systems. It helps block/unblock removable storage devices in publicly accessible systems, keeping your organization's systems secure.

3.3

Audit & accountability

 

3.3.1

Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.

RMM Central has access to all systems’ Event Viewer to monitor the activities performed in each system. You can also provide various category-based filters to monitor the required activities.

3.3.2

Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions.

RMM Central provides a User Logon Report to track the user login and logoff history in the managed endpoints.
The actions performed by the admin and technicians in the web console of the product are logged for better auditing.

3.3.3

Review and update logged events.

RMM Central has access to all systems’ Event Viewer to monitor the activities performed in each system. You can also provide various category-based filters to monitor the required activities.

3.4

Configuration Management

 

3.4.1

Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.

RMM Central can maintain an inventory of organizational systems, including hardware and software. You can deploy a baseline configuration to systems using RMM Central.

3.4.2

Establish and enforce security configuration settings for information technology products employed in organizational systems.

Deploy security policies in endpoints with RMM Central's security policy configuration.

Blacklist or whitelist applications and stand-alone EXEs with RMM Central to prevent unauthorized applications from performing malicious activities.

Secure your systems by allowing or blocking removable and portable devices using RMM Central.

3.4.3

Track, review, approve or disapprove, and log changes to organizational systems.

All hardware and software changes are tracked on time. RMM Central also tracks patches and software updates. You can remediate those changes by deploying configurations.

3.4.4

Analyze the security impact of changes prior to implementation.

The 'Test and Approve' feature under Patch Management in RMM Central enables you to view the compatibility of a patch update with the systems in the network prior to deployment of the patches. RMM Central also provides test deployment to specific targets for other modules, such as configurations and software deployment.

3.4.5

Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems.

Enforce logical restrictions catering to your needs using the various User Configurations settings found under RMM Central's configuration module.

3.4.7

Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services.

Blacklist or whitelist applications and stand-alone EXEs to prevent unauthorized applications from performing malicious activities using RMM Central.

Block or allow specific ports in both inbound and outbound connections with RMM Central’s firewall configuration.

Delete unapproved services from all machines using RMM Central’s service configuration.

Restrict the use of portable storage devices and Bluetooth with RMM Central to avoid theft of CUI stored in machines.

3.4.8

Blacklist or whitelist applications across your organization or only for a specific group with RMM Central.

3.4.9

Control and monitor user-installed software.

RMM Central provides you with a Self-Service Portal that allows you to publish software to the target users/computers. Unlike manual software deployment, you can publish the list of software to the group (target users/computers). You can empower the users to install software based on their needs. It also provides a blacklisting feature which enables you to associate an application blacklist with different custom groups while keeping in consideration a user’s role in the enterprise.

3.5

Identification & Authentication

 

3.5.1

Identify system users, processes acting on behalf of users, and devices.


 

RMM Central's System Manager enables administrators to perform various system management tasks, for example, viewing the list of users of the managed computers. The list of devices associated with each computer and the choice to enable/disable the drivers related to the devices are also provided by RMM Central.


System users, processes and services running in the machines can be identified and viewed using RMM Central. Common device identifiers like MAC and IP are available.


Custom fields can be added and the endpoints can be marked with different identifiers according to your requirement.

3.5.2

Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational systems.

The list containing the users of the managed computers and the list of devices associated with them are accessible under Tools > System Manager. System Manager also provides a list of running processes on systems, which can be killed or managed as required. Privileged access can be enabled using MDM and Application Control modules.

3.5.7

Enforce a minimum password complexity and change of characters when new passwords are created.

Enforce password complexity using a custom script in RMM Central.

3.5.9

Allow temporary password use for system logons with an immediate change to a permanent password.

The User Management Configuration of RMM Central allows you to define the scope of a user and specify a username and password.

3.7

Maintenance

 

3.7.1

Perform maintenance on organizational systems.

RMM Central offers configurations that help you manage applications, system settings, desktop settings, and security policies. RMM Central also offers a wide range of tools with which you can perform a variety of operations while troubleshooting for maintaining the organizational systems.

3.7.6

Supervise the maintenance activities of maintenance personnel without required access authorization.

Utilize RMM Central's remote control, with a view-only mode option, to supervise maintenance personnel’s activity on endpoints.

3.8

Media protection

 

3.8.1

Restrict the use of removable storage media using RMM Central.

3.8.2

Limit access to CUI on system media to authorized users.

Control, block and monitor USB and peripheral devices using RMM Central. The Drive Mapping configuration under RMM Central enables you to map a remote network resource to the user machines and eases the process.

3.8.3

Sanitize or destroy system media containing CUI before disposal or release for reuse.

Delete files that contain CUI from your organization’s systems with RMM Central’s file folder operation.

3.9

Personnel security

 

3.9.2

Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers.

Remotely wipe systems in case of personnel terminations and transfers with RMM Central’s remote wipe capability. Before wiping the data, you can back up the folder using the product’s folder backup configuration. You can also move those backup files to the secured systems repository using the file folder configuration.

3.11

Risk Assessment

 

3.11.1

Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI.

Each RMM Central module has predefined reporting functionalities so you can audit information related to your organization’s systems, which helps to take further actions to strengthen the security of CUI. You can fetch the status of your systems and provide this information as built-in reports. After reviewing the status of the systems’ security health, you can perform the necessary actions right from the reports.

3.12

Security Assessment

 

3.12.1

Periodically assess the security controls in organizational systems to determine if the controls are effective in their application.

Each of RMM Central's modules offers predefined reporting to help audit information related to organizational systems, which helps you take further actions to strengthen the security of CUI. You can fetch the status of your organization’s systems and provide this information as built-in reports with the security add-on. Review the status of your systems’ security health and perform the necessary actions right from the reports.

3.12.2

Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.

Identify vulnerabilities with periodic scanning and correct deficiencies by deploying missing patches to systems using RMM Central’s patching capability.

3.12.3

Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.

RMM Central provides data about the security status of the endpoints managed in your network, which can aid you in monitoring the controls and ensuring that they do not lose effectiveness over time.

3.13

System & communication

 

3.13.1

Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.

Endpoint Central's firewall configuration helps you block or allow inbound or outbound communications on systems using specified ports. This helps minimize attacks through anonymous ports.

3.13.4

Prevent unauthorized and unintended information transfer via shared system resources.

Endpoint Central provides data access control information, including the folders that are shared with various permission levels. Permission management helps revoke permissions for those folders.

3.13.16

Protect the confidentiality of CUI at rest.

Endpoint Central provides information on which folders are shared with what level of permissions. This data access control information helps mitigate the risk of CUI being shared with full or write-level permission.

Encrypt your systems’ hard disks with Endpoint Central’s BitLocker add-on to ensure the CUI stored on those systems is secure.

3.14

System and information integrity

 

3.14.1

Identify, report, and correct system flaws in a timely manner.

Identify systems with security misconfigurations and missing patches, service packs, and antivirus definition updates with Endpoint Central’s vulnerability scanning, and remediate these flaws from a centralized console.

3.14.3

Monitor system security alerts and advisories and take actions in response.

Endpoint Central provides event logs (classified as errors, information messages and warnings) which help in auditing and troubleshooting. Using the vulnerability module gives you an assessment of the security posture of the managed endpoints.

3.14.6

Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.

Block or allow inbound and outbound connections on systems with Endpoint Central’s firewall configuration; this helps minimize attacks through anonymous ports.

3.14.7

Identify unauthorized use of organizational systems.

Track the use of USB devices on each system using Endpoint Central’s USB audit feature. Detect systems that contain unapproved applications and uninstall that software using Endpoint Central.